Raúl Benencia discovered that ikiwiki, a wiki compiler, does notproperly escape the author (and its URL) of certain metadata, such ascomments. This might be used to conduct cross-site scripting attacks.

For the stable distribution (squeeze), this problem has been fixed inversion 3.20100815.9.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed inversion 3.20120516.

We recommend that you upgrade your ikiwiki packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/

Tielei Wang discovered that OpenOffice.org does not allocate a largeenough memory region when processing a specially crafted JPEG object,leading to a heap-based buffer overflow and potentially arbitrary codeexecution.

For the stable distribution (squeeze), this problem has been fixed inversion 1:3.2.1-11+squeeze5.

For the testing distribution (wheezy) and the unstable distribution(sid), this problem has been fixed in version 1:3.4.5-1 of thelibreoffice package.

We recommend that you upgrade your openoffice.org packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/